---
title: resume
author: alex2006hw
date: 2013-12-05
template: article.jade
---
                    Alex Davis
                    Email: alex2006hw@gmail.com
                    phone: (XXX) 598-8XXX

 

**Objective**

A balanced work life

**Background**

The following is a resume of my experience as a consultant and fulltime employee working in complex network environments. This includes hands-on experience with, Cisco routers and routing protocols, switched Ethernet and Token-Ring, frame-relay, X25, Microsoft NT, HP and Digital based network protocol. My day-to-day activities include architect, design, planning, rollouts, integration, and troubleshooting of TCP/IP based applications and network.  I am very familiar with protocol analyzers, network sniffers, application trace and debug harnesses.  I also have In-depth experience and understanding of the SunOS, Solaris, BSD, AIX, WindowsNT, Linux operating system in addition to most of the Internet ecommerce applications such as apache, Oracle, Sendmail, ProFTPd, Wu-FTPd, WebSphere, SSL, SSH, LDAP packages, Windows IIS, and Checkpoint NG and AI.

I merge effectively with existing staff, work well with minimal supervision, and spend considerable personal time studying new technologies.  Because of this, and the varied experience I gained while rotating among production, integration, and development environment, I adapt quickly to new environments and technologies.


**SECURITY**

IPSO, SandBoxes, HoneyPots, Bluecoat, Mazu, Squid Proxy, Netscreen (Juniper) IPChains, IPtables, flight recorders, TIS FWTK, Kerberos, SSH, SSO, Entrust, Unix Hardening, Network Hardening, PCI, ISO27001, SOX, HIPAA, GLBA, ISO17799, COBIT, SSAE16, OSSEC
  

**LANGUAGES**

C, Java, Shells, Perl, TCL/TK, PHP, JavaScript, Ruby, golang, nodejs

**Other Skills**

Attack and penetration security, Firewall, Identity management, Encryption technology, Controls re-engineering

Assessment of network vulnerability, Network configuration and administration, Virus software, Security auditing techniques, Computer control environments, UNIX Security, NT/Windows 2000/XP, Desktop Support, Vendor management, Team building, Hire, Termination, Interview, Team motivation, Profit and loss analysis, Employee reviews and career planning, Pre-sales presentation, Contract negotiation, Statement of work, Business relationship building, Engineer utilization management, Client engagement management, Very goal oriented and able to supervise self and others. Have a strong understanding of business and how to align technology with business goals.

**Education **

BSCS/GENETICS UCBerkeley, Cisco: Inter-networking I and II, 3COM: WAN Technologies, Sun: Solaris, Administrator, Sun: Java Developer, Checkpoint CSSE+,CISSP \#62126, DataDomain SE, Netscreen (Juniper firewall)

**Experience **

**March 2014 - May 2014**
**System Admin, [Betterfinance.me](https://Betterfinance.me/), San Francisco, CA**

I manage and administer the company's IT environment.  Develop automation tools.  Managed Amazon Web Service cloud infrastructure.  Work on security and compliance requirements.

**Dec 2012 - March 2014**
**Director IT, [Razoo.com](https://razoo.com), San Francisco, CA**

Design and build the company’s Datacenter using RackSpace datacenter and Amazon Cloud. Manage day to day activities to support company's uptime and Quality of Code.  Design and implement security controls to mitigate PCI issues to ensure that the company's PCI compliance.

Defined information security standards.  Implement and manage change management for company.  Manage and implement company's security infrastructure to follow industry best practices and compliance requirements.

Build and manage internal IT team.  Train and mentor team members.  Work to resolve incompatibility issue for company.  Design and implement security systems for production and all regional offices.

**May 2012 - Dec 2012**
**IT Manager, [Rewardspay.com](https://Rewardspay.com), Milpitas, CA**

Design and build the company’s Datacenter. Manage day to day activities to support company's uptime.  Design and implement security controls to mitigate PCI issues to ensure that the company's PCI compliance.

Defined information security standards.  Implement and manage change management for company.  Manage and implement company's security infrastructure to follow industry best practices and compliance requirements.

Build and manage internal IT team.  Train and mentor team members.  Work to resolve incompatibility issue for company.  Design and implement security systems for production and all regional offices.  Provide third level support to assist multiple internal teams with problem resolution.  

**Nov 2011 - May 2012**
**Senior Security Architect, [NASA](https://www.nasa.gov), Moffett Field, CA**

Architect and design security solutions for NASA.

**June 2008 - Nov 2011**
**Senior Security Engineer, [StubHub](https://stubhub.com) - eBay, San Francisco, CA**

Managed company production environment consisting of high availability architectures and configurations for high volume website based on Linux and, Solaris servers running Apache, Tomcat, Java, MySQL, Oracle, MQ under VMWARE and Sun Domains virtualization. Designed and build company data centers with products from Cisco, Dell, F5, Juniper, Microsoft, Red Hat with BGP and OSPF as network protocols.  

Managed company IT security to satisfy various government and credit card companies level 1 and 2 merchant requirements through the implementation of SecureID, SSO, SSL, certificates, ssh, and VPNs.  Migrate existing Lucent analog phone system to Cisco Unity Call Center under VoIP.  Implement monitoring tools such as Nagios, Qualys, SNORT,  Big Brother, with Cacti and, SubVersion as configuration management and change management systems.

Designed, architected and migrated the company's 60+ linux servers running Redhat RHEL-3 and 4 under 32bits  to 1000+ linux servers running CentOS 5.3 64bits on IBM Bladecenter HS21, HS22, and HS40.  Migrate original 1GB network with RIPv2 to OSPF with BGP at the edge over a 10GB networks using Cisco, BigIP, and Foundry to give the company a 10 times growth in capacity without impacting current production.  After the upgrade and the migration of existing applications to the high capacity environment, I revamp the original network to build out a staging and disaster recovery environments. 

**January 2008 – June 2008**
**Senior Security Architect, [SimplyContinuous.net](https://pressreleaseheadlines.com/netenrich-acquires-simply-continuous-33354), San Francisco, CA**

My focus at Simply Continuous as a Technology Architect is to design and implement technical solutions and process to support business logics.  My broad experience and knowledge ranging from finance, customer supports, and sales, from the business perspective to system, Network, and security from the technology perspective enabled me to add value to the business both as a technical resource and a business resource.  Day-to-day activities include working with the various groups within the company starting with sales and marketing to network operation to architect solutions enabling the business to advance and grow.  In addition to architecting solutions to support the business, I am also responsible for the company overall information security.  At Simply Continuous, I have implemented a security framework based on the ISO17799 model.  This enables the company to address the various industry and government policies and requirements such as PCI, SOX, HIPPA, SAS70 going forward. 

**December 2004 – December 2007**
**Senior Security Architect, [Hotwire](https://www.hotwire.com/) - Expedia, San Francisco, CA**

My focus at Expedia.COM is to develop an enterprise wide security framework including policies and procedures based on security best practices and PCI, SOX, HIPPA requirements using an ISO17799 as template.  Day-to-day activities also include working as a liaison to the business to provide information security guidance for any business initiatives for all of Expedia worldwide.  I would then architect solution(s) to support the business requirements.  I also managed users' training and awareness for information security in addition to mentor my direct reports and function as a tier 3 escalation support resource for the company. 

Quarterly, I would participate in a security audit and PEN test for Expedia Worldwide including North America, Canada, Europe, Japan, South America and the Middle East.  I would them work with internal security teams including vendors to mitigate any risks identified through the audit.  I would then create a quarterly budget request for the next quarter with ranked priorities, risks, and ROI to be presented to the CISO for approval from the board. 

**February 2001 – November 2004**
**Director IT, [Virgin Mobile USA](https://www.virginmobileusa.com/), San Francisco, CA**

Design and build company’s Datacenter in Sacramento to support total ‘light’s out’ management. Defined company’s run-book for the NOC with escalation levels.  Build IDS, honey-pots, sand-traps, firewalls, tripwires, flight-recorders, VPN concentrators, TACACS+, RADIUS, syslog-ng, ftp, tftp, HPOV, LDAP, and terminal servers at multiple sites to support a roaming user base and encompassing multiple regional offices.

Architect and implement a robust online web based transaction environment using Sun Solaris, IBM AIX Linux servers with Web Logic, Veritas, Oracle, Seibel, SAS, and inhouse codes to support VoIP, MMS, SMS, WLNP, 3G network and projected business models with resiliency and redundancy as part of the design.

Defined standards with templates for remote satellite offices connecting to the central corporate hub using WAN links and Internet VPN connections depending on office size.  Established standards for change management of servers and network in production.

Build and manage internal IT team.  Train and mentor team members.  Work  developers to resolve incompatibility issue for company.  Design and implement IDS system for production and all regional offices.  Provide third level support to assist multiple internal teams with problem resolution.  

**November 2000 – November 2001**
**Sr. System Engineer, [mPower, Inc.](https://corporate.morningstar.com/us/asp/subject.aspx?xmlfile=174.xml&filter=PR4056) - Morningstar, San Francisco, CA**

Infrastructure assessment, strategic planning, solutions architecture, system design, installation coordination, and project management.

Responsible for the design and implementation of all security aspect for the production environment to support the new Investment and Advise application running on Solaris 7, 8 servers with EMC Storage arrays.  Reconfigured Cisco routers, switches, PIX firewalls and Arrowpoints balancers.  Designed and installed a multi-perimeters network protected by Cisco IDS for routers, Nokia IP330 with Checkpoint NG firewalls running IPSO and ISS RealSecure for hosts and servers, with a centralized manageable security policy using CA-etrust software.
 
Design a secured jumpstart process for each environment with uniform installation and management with scripts to automate pushes through Tivoli for post customizations unique to each environment.  Design a secured, scalable and fault-tolerant architecture for Oracle databases using stand-by, replication, and parallel features of Oracle running over PKI encryption with LDAP authentication.

Hired and built an operation team to manage all aspects of company’s production environment.  Created a manageable and implement-able company-wide security policy with well define procedure and escalation points.  Set up trust relationships with extra-net partners for development and product collaboration using internal and external PKI CA, RA servers, VPN, S/KEY, PGP, and SecureID. 

Designed and implemented a backup architecture using a multiple layer security with a hierarchal content migration system for on-line, near-line, and off-line determined by data retrieval requirements.  Designed and implemented a single-sign-on system for all internal and remote access with encryption and authentication using centralized PKI CA and departmental CA with LDAP interface over local networks, remoteVPN using SecureID.

Provide developers with network and dataflow designs for a real-world production transaction oriented environment.  Architecture and implement a robust multi-regional, distributed risk, fail-over environment.  Orchestrated company’s development to production migration.

**October 1999 – November 2000**
**Sr. Security Engineer (Professional Services), [Thrupoint, Inc.](https://www.thrupoint.com/)**

Lead security engineer for the West Coast for security projects ranging from
auditing, design, to implementation.

**Clients and duties:**

**April 2000 – November 2000**
**Sr. Network Architect, [Charles Schwab](https://www.schwab.com/), San Francisco, CA**

Met with business partners, analyzed their needs relative to network infrastructure, Created network designs with Visio, and wrote Engineering Change Requests. Scripted configuration changes for moves, adds, and changes to Cisco Switches and Routers. Position required organizing and managing projects, analyzing and communicating business requirements, and the ability to write clearly and concisely.  

I was on the EIGRP migration and planning team, mainly involved in resolving problems related to convergence during migration, aggregation, and redistribution of IGRP from the branches.  Some of my projects include creating and documenting the low-level design and router configurations for the integration of USTRUST to Schwab's Intranet, for connecting various partners and vendors to Schwab's ExtraNet using DLSW+ tunneling, and for new data centers creation.  In addition, using Lucent's VitalNet Software, I performed analyses and troubleshooting of excessive bandwidth utilization of branch and other remote office frame-relay circuits that came to my desk as design issues.  My designs and router configurations mostly involve Cisco 2500, 4500, 6509, 12000 GSR routers utilizing frame-relay, SONET, Token-ring, Gigabit Ethernet, Fast Ethernet, FDDI, XDSL, ISDN, Satellite, and ATM connections.  
I am also involved with creating and documenting the low-level design and router configuration for migrating Schwab's current Online trading system's protocol from the current SNA environment using Front End Processors connected to ESCON directors on the mainframes to a new network infrastructure utilizing Cisco routers with Channel Interface Processors running DSLW+ SNA tunnels over TCP/IP, to create a more robust, high availability, high resiliency and scalable trading environment.

I also designed Schwab web farm for the new data center utilizing Solaris Enterprise Oracle servers with Veritas Clustering and Replication for High Availability; IBM AIX SP2 with Websphere, BEA weblogic and TUXEDO; Checkpoint Firewall-1 on Solaris; Cisco local directors and distributed directors with PIX firewalls, Nokia IP710 with Checkpoint 4.01, Tripwires, TCPWrappers, SecureIDs and PKI enabled LDAP authentication system for the online trading floor.

**February 2000 A April 2000**
**Sr. Security Engineer, [Siemens](https://www.siemens.com), Santa Clara, CA**

Performed security audit of Network Infrastructure, Unix Servers, and Windows System to create a baseline of company’s current security status.  Redesigned Network architecture to include a hierarchical security infrastructure isolating the core, distribution and access layer with ACL filters on routers and switches in the Intranet and multiple Nokia Checkpoint firewalls in the DMZ and ExtraNet with VRRP for firewall redundancy.  Migrated all remote access users to the ExtraNet.  Designed traffic policies for the firewalls.  Designed IDS systems for the ExtraNet and DMZ segments.

Managed project for System Hardening of Unix and Windows servers.  Created user and application access policy on system.  Installed system and application patches to close out security holes found during audit.  Implement Tripwire, SSH, and Syslog-ng, S/Key login over LDAP authentication for Unix and NT servers.  

**January 2000 - February 2000**
**Sr. Security Engineer, [Standard and
Poors](https://www.standardandpoors.com/), Belmont, CA**

Security audit and network penetration analysis of the Belmont’s S&P office.  Design and implement a system wide Intrusion and Detection System including access policy and escalation procedure.  After the assessment, I was tasked with the implementation of a secure robust network consisting of the Intranet, the DMZ, and the ExtraNet using Cisco PIXes, Netrangers, NetSonars, sandboxes, honeypots, Network flight-recorder, Tripwires and Nokia Checkpoint firewalls with VPN solutions to secure the Belmont data center.

**December 1999 - January 2000**
**Mail Security Engineer, [BeVocal](https://www.nuance.com/) - a nuance
corporation, Santa Clara, CA**

Implement a secured messaging environment for customer notification system utilizing Solaris servers with Sendmail8, NAI virus scanner, Nokia Checkpoint-1 Firewalls, 3DNS, Netscape LDAP servers and HPOV NNM.  The environment is configured for multiple unique virtual email domains with all user accounts authenticated via LDAP and message encrypted using S/MIME and PGP.

**October 1999 - December 1999 **
**Webcast Security Engineer, [Microcast Media](https://www.microcastmedia.com), San Francisco, CA**

Design and implement multiple video streaming data centers at various national ISP POP/co-location centers using Cisco 4000 Switches, 12000 GSR routers, with Local and Distributed directors in the core connecting Linux RedHat Intelliserver server-farms to provide a distributed messed video streaming centers.

**March 1999 - October 1999 **
**Sr. Security Engineer, Charles Schwab, San Francisco, CA** 

Security analysis of the Schwab's environment.  Provided design recommendation and educate internal business units on design and implementing a secured network. Final recommendation and implementation utilized Cisco PIX, Checkpoint FW-1, and Gauntlet firewalls, Honeypot, and Sanbox network traps, NT and Solaris hardening, RacF, TacACS+, PKI, S/KEY, SecureID authentication system.

**January 1999 - March 1999 **
**Security Implementation Engineer, Computer Associate, Alameda, CA** 

Design and implement an access system to all Unix servers for the enterprise using TNG-Unicenter andTivoli with SeOS module managing access levels giving separation of duties and accountability on Windows NT, AIX, HP, and Solaris systems.

**January 1998 - January 1999 **
**Sr. Security Engineer, Memco Software, Redwood City, CA**

Design and implement a multi-layer departmentalized administration of a host-layer secured, authenticated access system for Windows NT and Unix systems running AIX, Solaris, HPUX Operating System.

**April 1995 - January 1998**
**Sr. Unix Administrator, Lexical Technology, Alameda, CA**

MIS department budget planning, RFP write-up, and direct vendor interactions.  Manage hiring and review of MIS staff. Designed and implement MIS policies for company.  Manage company's MIS department consisted of junior level NT and Unix system administrators. Designed and implement company's infrastructure for robustness, growth, and security using proxies, firewall, switches, NAT, and VPNs. Manage heterogeneously integrated clusters of Suns, IBM AS/400, RS/6000, SGI IRIX, Macintoshes, and PCs running both Windows95 and NT with Sun Netmanager and HP Openview using both snmp and Rmon protocols.  Manage and implement a "secure" environment for the disparate operating clusters using multi-level firewalls, multiple redundant NT domains, and High Availability servers. 
Install and maintain company deployments at remote locations using ADSL, Frame Relay, ISDN, and POTS access with SecureID, S/key, and Kerberos authentication via PKI, SSL, SSH protocols.  
Designed and implement load balancing with redundancy methods for internal and external network servers.  Designed and implement procedure for maintaining remote servers based at customer sites. 
Working as the Senior DBA to designed and implement Oracle, Ingres, Informix and MS-SQL databases for data-mining projects.  
Create, staff, and manage newly formed professional service and support group for the company.  
Designed and implement a network infrastructure to support new start-up company with multiple DMZ zones and restricted zones over Frame, ADSL, ISDN, and VPN.  

**1991 - 1995**
**Sr. System Manager, International Computer Science Institute, Berkeley,
California**

Manage heterogeneously integrated cluster of Suns running Solaris and SunOS, SGI, DEC, Macs, and PCs connected to the intranet and internet. 
Configure and manage backbone routers using OSPF, EIGRP, BPG, IS-IS, and RIP in conjunction with University of California Network Administrators. Designed and implement DNS, NIS(YP), NIS+, SMTP(Sendmail), NTP(News), POP3(Post Office Protocol), and proxy servers for company. Manage and implement a cluster of PCs and Macs in a "secure" atmosphere connected to the local intranet behind a "firewall" and using "Virtual Private Networks, VPN."  
Provide support for 500+ users with about 100+ on site at any given time.  
Provide basic support for Lotus Notes.  
Train users in remote access, basic system usage, and netiquette.

**1989 - 1991**
**Network Architecture Engineer, City College of San Francisco, San Francisco,
California**

Design and implement a network system to replace the current outdated mainframe server supporting the local college.  Design and implement a Sybase server for the above.

**1988 - 1989**
**Contract Programmer/Consultant, San Francisco Unified School District, San
Francisco, California**

Designed and implement a client/server front end to maintain the districts student databases.

**1987 - 1988**
**Contract Programmer/Consultant, Coit Furniture, San Francisco, California**

Design and implement a client/server automated POS inventory system.
